An administrator is creating an IPsec site-to-site VPN between his corporate office and branch office. Both offices are protected by Check Point Security Gateway managed by the same Security Management Server. While configuring the VPN community to specify the pre-shared secret the administrator found that the check box to enable pre-shared secret is shared and cannot be enabled. Why does it not allow him to specify the pre-shared secret?
IPsec VPN blade should be enabled on both Security Gateway.
Pre-shared can only be used while creating a VPN between a third party vendor and Check Point Security Gateway.
Certificate based Authentication is the only authentication method available between two Security Gateway managed by the same SMS.
The Security Gateways are pre-R75.40.
Correct answer: C
Question 2
ABC Corp., and have recently returned from a training course on Check Point's new advanced R80 management platform. You are presenting an in-house R80
Management to the other administrators in ABC Corp.
How will you describe the new “Publish” button in R80 Management Console?
The Publish button takes any changes an administrator has made in their management session, publishes a copy to the Check Point of R80, and then saves it to the R80 database.
The Publish button takes any changes an administrator has made in their management session and publishes a copy to the Check Point Cloud of R80 and but does not save it to the R80
The Publish button makes any changes an administrator has made in their management session visible to all other administrator sessions and saves it to the Database.
The Publish button makes any changes an administrator has made in their management session visible to the new Unified Policy session and saves it to the Database.
Correct answer: C
Explanation:
To make your changes available to other administrators, and to save the database before installing a policy, you must publish the session. When you publish a session, a new database version is created. Reference: https://sc1.checkpoint.com/documents/R80/CP_R80_SecMGMT/html_frameset.htm?topic=documents/R80/CP_R80_SecMGMT/126197
To make your changes available to other administrators, and to save the database before installing a policy, you must publish the session. When you publish a session, a new database version is created.
Which of the following ClusterXL modes uses a non-unicast MAC address for the cluster IP address.
High Availability
Load Sharing Multicast
Load Sharing Pivot
Master/Backup
Correct answer: B
Explanation:
ClusterXL uses the Multicast mechanism to associate the virtual cluster IP addresses with all cluster members. By binding these IP addresses to a Multicast MAC address, it ensures that all packets sent to the cluster, acting as a gateway, will reach all members in the cluster. Reference:https://sc1.checkpoint.com/documents/R76/CP_R76_ClusterXL_AdminGuide/7292.htm
ClusterXL uses the Multicast mechanism to associate the virtual cluster IP addresses with all cluster members. By binding these IP addresses to a Multicast MAC address, it ensures that all packets sent to the cluster, acting as a gateway, will reach all members in the cluster.